check if flake.lock is writable before update

viperML · May 1, 2024 · 6dc5d44 · 6dc5d44
1 parent 9589dea
commit 6dc5d44
Show file tree

Hide file tree

Showing 2 changed files with 40 additions and 0 deletions.
diff --git a/src/home.rs b/src/home.rs
@@ -1,4 +1,5 @@
 use std::env;
+use std::fs::OpenOptions;
 use std::ops::Deref;
 use std::path::PathBuf;
 
@@ -67,6 +68,25 @@ impl HomeRebuildArgs {
                 panic!("Failed to get Nix version. Custom Nix fork?");
             });
 
+            // Get the permissions of flake.lock, check if we can write to it
+            // as the current user. If we can write, proceed with the update
+            // or else bail out.
+            let file = OpenOptions::new()
+                .read(true)
+                .write(true)
+                .create(false) // probably the default, but I am not taking my chances -raf
+                .open("flake.lock");
+
+            match file {
+                Ok(_) => (),
+                Err(e) => {
+                    panic!(
+                        "nh does not support updating flakes owned by root. Error: {:?}.",
+                        e
+                    );
+                }
+            }
+
             // Default interface for updating flake inputs
             let mut update_args = vec!["nix", "flake", "update"];
 

diff --git a/src/nixos.rs b/src/nixos.rs
@@ -1,3 +1,4 @@
+use std::fs::OpenOptions;
 use std::ops::Deref;
 
 use color_eyre::eyre::{bail, Context};
@@ -54,6 +55,25 @@ impl OsRebuildArgs {
                 panic!("Failed to get Nix version. Custom Nix fork?");
             });
 
+            // Get the permissions of flake.lock, check if we can write to it
+            // as the current user. If we can write, proceed with the update
+            // or else bail out.
+            let file = OpenOptions::new()
+                .read(true)
+                .write(true)
+                .create(false) // probably the default, but I am not taking my chances -raf
+                .open("flake.lock");
+
+            match file {
+                Ok(_) => (),
+                Err(e) => {
+                    panic!(
+                        "nh does not support updating flakes owned by root. Error: {:?}.",
+                        e
+                    );
+                }
+            }
+
             // Default interface for updating flake inputs
             let mut update_args = vec!["nix", "flake", "update"];